<?php
 session_start();
 
  $email = $_SESSION['email'];
  $temp_pass1 = $_POST['password'];
  $temp_pass2 = $_POST['c_password'];
 $password=md5($_POST['password']);
 $check = strcmp($temp_pass1,$temp_pass2);
 
  if($temp_pass1 =="" || $temp_pass2 =="")
 {
	 echo 'blank_password';
	 exit;
	 }
	 
else if(strlen($temp_pass1)<6 || strlen($temp_pass2)<6)
 {
	 echo 'short_password';
	 exit;
	 }
	 
else if($check!=0)
{
	echo 'miss_match';
	exit;
	}	 
 
 // connect to database
 include('config.php');
 
 
$tbl_table = "user_info";

// Create Mysqli object
$db = new mysqli($db_server,$db_user,$db_pass,$db_database);

// Create statement object
$stmt = $db->stmt_init();

// Create a prepared statement
if($stmt->prepare("Update $tbl_table set password = ? where email='$email' ")) {
 
   
   // Bind your variable to replace the ?
    $stmt->bind_param('s', $password);
 
  
    // Execute query
   if( $stmt->execute())
   {
	   // Close statement object
		$stmt->close();
		
		
		
		echo "true";
		 
		}
		//unset email from session that was set in password reset page
		unset($_SESSION['email']);
		
	   }
	


/*
// if suceesfully inserted data into database, send confirmation link to email
if($result){

	
	
	 
	 $tbl_name = "password_recovery";
	 
	 $sql1 = "Delete from $tbl_name where email='$email' ";

	$result1=mysql_query($sql1);
	
	 unset($_SESSION['email']);
	 
		if($result1)
		{
			// echo "password changed succefully";
			echo 'true';
			}
	 
	 }
 else{
	 
	echo 'error';
	 }
*/
 ?>